PCI V3 - are you confidant that you are now compliant? And what do you do next? We look at how you should ensure you are implementing the requirements of PCI v3 correctly to ensure that you do not fall short of compliance, and where that might happen. Register to find out more!

SC Magazine's SC Congress returned to London on 3 March, 2015 with an all new programme! Hundreds of industry insiders attended the full day of hard-hitting information security news and solutions from leaders in their fields.
Check back soon for information on the next SC Congress.

When should you ban personal mobile use? Is Choose your own device appropriate, or can you safely harness the cost savings of Bring Your Own Device? Register today for this free editorial webcast to find out more as disucss..

100 days until the London Olympics - on your marks!

Today marks 100 days until the start of the London Olympics – and for IT departments, a call to the starting blocks for possibly the most demanding period in many years.

Whether the demands are on remote working, secure access to networks and applications or simply getting staff to the building in the first place, the Olympics will likely provide the greatest challenge to IT management.

Research by Interactive Intelligence found that 23 per cent of senior managers (and above) at large businesses based in London and the South felt that their company was fully prepared for the potential disruption.

In its survey of 120 people, 79 per cent said a proportion of their staff who are expected to commute and travel during the Olympics will be affected; 57 per cent have already implemented, or plan to implement, remote working capabilities, helping to ensure employees are empowered to work from any location.

Of course, the key thing to remember is that IT does not revolve around the city of London, and the Olympics themselves are not simply a London event, with major cities around the UK hosting other sporting events. Also, it is not just the Olympics that will concern IT departments, as the Paralympics follow and the European football championships precede the Games in June.

John Colley, managing director for EMEA at (ISC)2, said geographical issues will affect more than Londoners. Talking about its own plans, Colley said (ISC)2's office is in London Bridge, which will be one of the busiest railway stations with the Jubilee Line heading out to Stratford and the Olympic Park, so it was making plans for staff to work remotely.

He said: “There is a lot of basic stuff but you have got 100 days to do a security review, that you should do on an ongoing basis, to fix problems, and this will be a good time to test your contingency plans.”

Likewise, Gary Sidaway, director of security strategy at Integralis, said this was a good opportunity to review a user programme that involved staff who wished to work from home and the use of soft tokens.

He said: “The other thing is the increased chance of a denial-of-service (DoS) attack, so it is a good time to make sure you have a level of monitoring and attack monitoring; the Grand National gave some clients the ability to test their capacity.

“Also, it is not just about offering a VPN but how you extend it; it is about general awareness, the type of attack and the information required for outside-of-IT skills.” He said at home, it is easy for concentration to slip and for an employee to respond to a clever phishing email – collecting user credentials while the employee watches the 100 metres final, say.

Ian Foddering, CTO of Cisco UK and Ireland, the official network infrastructure supporter of London 2012, said many companies are still unprepared. “Organisations need to prepare in a wide manner of ways to ensure they are business-ready – from evaluating their network infrastructure to preparing for flexible working through effective collaboration technology,” he said.

“A core factor to any London 2012 technology strategy will inevitably be flexible working and how best to achieve this without too much expense. A good example of the use of Cisco technology to build such a strategy is at LOCOG, which recently introduced Cisco BT MeetMe WebEx conferencing and collaboration software.”

Asked what he recommended businesses do when it comes to people choosing to work from home, he quoted recent Cisco research which revealed that 41 per cent of small businesses have no strategy in place to cope with the possible disruptions of London 2012.

“However, being flexible in how you work has numerous benefits to efficiency, accuracy and productivity. Some organisations are already well aware of this, implementing relevant collaboration tools at every opportunity, embedding them into their culture through training and a top-down managerial approach,” he said.

“Empowering staff with the flexibility to meet a deadline by allowing them to host a meeting whilst on the train or at home will exponentially improve productivity and performance. However, if you are going to encourage remote and flexible working it is essential to have a strategy in place – so businesses need to plan. Companies could mark out milestones for employees to work towards and adjust deadlines to cater for the added pressure around the Games, ensuring both employee satisfaction and improved productivity.”

Finally, Foddering was asked about disaster recovery and preparing for a disaster-recovery scenario. He said the London 2012 organisers have ensured that every aspect of the event and each possible eventuality of the Games have been considered, and from a Cisco point of view, the technology it is using has been used before.

Cloud service provider Star recommended businesses be prepared to do "more with less" and to review both on-site and cloud security policies because they could be vulnerable as more employees than usual log in via unprotected networks and devices.

It also recommended avoiding the panic buying of consumer technologies to those businesses that believe they lack the time, budget or expertise to implement enterprise-grade solutions.

Sidaway agreed that employees should be dissuaded from using online storage such as Dropbox, and one solution might be to offer email access via an intranet rather than over the web.

Jonathan Armstrong, partner at law firm Duane Morris, said it is unlikely that employees will have a home internet connection as secure as the corporate network and should be aware of the data security risk if they are using their own laptops or transferring information to home computers using email or USB sticks.

He said: “Organisations might want to make special provisions for employees who are dealing with more secure data; for example, they might want to prohibit online corporate banking from home. They may also need to check software licences, as some may prohibit use of devices that are not part of the corporate network.

“If companies are encouraging home working, they may want to look at the capacity of their network. If their employees are going to access the corporate network over Citrix, they may want to ensure they have enough licences in place, and if there are limits on their infrastructure, they should consider telling employees outside of London to work in the office to free up Citrix capacity for London users.”

The fact is that it is 100 days until the madness in the East End commences. There is no need to panic, but instead use this as a point to begin considering where you are and where you need to be come 27 July.

SC Magazine arms information security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.